diff --git a/mybib.bib b/mybib.bib
index 4a3e539..babef95 100644
--- a/mybib.bib
+++ b/mybib.bib
@@ -226,7 +226,8 @@ ISSN={0149-144X}}
 
 @INPROCEEDINGS{incrementalfmea,
 author={Price, C.J.},
-booktitle={Reliability and Maintainability Symposium, 1996 Proceedings. International Symposium on Product Quality and Integrity., Annual}, title={Effortless incremental design FMEA},
+booktitle={Reliability and Maintainability Symposium, 1996 Proceedings. International Symposium on Product Quality and Integrity., Annual},
+title={Effortless incremental design FMEA},
 year={1996},
 month={jan},
 volume={},
@@ -299,7 +300,8 @@ ISSN={},}
 
 @INPROCEEDINGS{5754453,
 author={Snooke, N. and Price, C.},
-booktitle={Reliability and Maintainability Symposium (RAMS), 2011 Proceedings - Annual}, title={Model-driven automated software FMEA},
+booktitle={Reliability and Maintainability Symposium (RAMS), 2011 Proceedings - Annual},
+title={Model-driven automated software FMEA},
 year={2011},
 month={jan.},
 volume={},
@@ -406,6 +408,31 @@ Database
 keywords = "fault-tolerance"
 }
+
+@INPROCEEDINGS{FMEAmultiple653556,
+author={Price, C.J. and Taylor, N.S.},
+booktitle={Reliability and Maintainability Symposium, 1998. Proceedings., Annual}, title={FMEA for multiple failures},
+year={1998},
+month={jan},
+volume={},
+number={},
+pages={43 -47},
+keywords={Analytical models;Automotive engineering;Circuit simulation;Circuit testing;Conferences;Design engineering;Failure analysis;Fires;Power engineering and energy;System analysis and design;automotive electronics;failure analysis;approximate failure rates;automotive electrical subsystems;components failure;failure mode and effects analysis;multiple failures;realistically complex subsystems;simulation;wash wipe circuit;},
+doi={10.1109/RAMS.1998.653556},
+ISSN={0149-144X},}
+
+@INPROCEEDINGS{AutoFMEAfaultTree1281774,
+author={Papadopoulos, Y. and Parker, D. and Grante, C.},
+booktitle={High Assurance Systems Engineering, 2004. Proceedings. Eighth IEEE International Symposium on}, title={Automating the failure modes and effects analysis of safety critical systems},
+year={2004},
+month={march},
+volume={},
+number={},
+pages={ 310 - 311},
+keywords={Aerospace engineering;Aerospace industry;Aerospace safety;Automotive engineering;Cause effect analysis;Computer architecture;Data engineering;Failure analysis;Performance analysis;Software performance; data flow analysis; fault trees; safety-critical software; software architecture; software fault tolerance; FMEA; component failure modes; data flow; data transactions; failure effect analysis; failure mode analysis; fault simulation; fault tree analysis; safety critical systems; software design; software development; system models; system safety analysis; system topology;},
+doi={10.1109/HASE.2004.1281774},
+ISSN={1530-2059},}
+
 
 @article{iso9001,
 title = "ISO 9001 Quality",
 journal = "British Standards Institute",
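Review bot: The page ranges in the two new entries, `pages={43 -47},` and `pages={ 310 - 311},`, use a single hyphen with stray spaces, which a style prints as a minus sign; they should be `pages={43--47},` and `pages={310--311},`. `month={march}` is neither the predefined `mar` macro nor a name a style can abbreviate, and the braces on `month={jan}` also stop the macro from expanding, so write `month = jan,` and `month = mar,` unbraced. The `booktitle … title` pair sits on one line in both entries, the very layout the first two hunks of this file just split, and `title={FMEA for multiple failures},` leaves the acronym unprotected against sentence casing; `title={{FMEA} for multiple failures},` keeps it. The empty `volume={}` and `number={}` fields only generate empty-field warnings and can be dropped.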
diff --git a/related_papers_books/automating_failure_modes_01281774.pdf b/related_papers_books/automating_failure_modes_01281774.pdf
new file mode 100644
index 0000000..408b821
Binary files /dev/null and b/related_papers_books/automating_failure_modes_01281774.pdf differ
diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex
index 3a04d09..07f7925 100644
--- a/submission_thesis/CH5_Examples/copy.tex
+++ b/submission_thesis/CH5_Examples/copy.tex
@@ -64,6 +64,9 @@ by applying FMMD to a sigma delta ADC.
 %shows FMMD analysing the sigma delta
 %analogue to digital converter---again with a circular signal path---which operates on both
 %analogue and digital signals.
+\item Section~\ref{sec:Pt100} demonstrates FMMD being applied to commonly used Pt100
+safety critical temperature sensor circuit, this is analysed for single and double failure modes.
+
 \end{itemize}
@@ -1845,7 +1848,7 @@ The \sd example, shows that FMMD can be applied to mixed digital and analogue ci
 \clearpage
-\section{Pt100 Analysis: FMMD and Mean Time to Failure (MTTF) statistics}
+\section{Pt100 Analysis: FMMD and Double Failure Mode Analysis}
 \label{sec:Pt100}
 {
 %This section
@@ -1865,7 +1868,8 @@ The \sd example, shows that FMMD can be applied to mixed digital and analogue ci
 For this example we look at an industry standard temperature measurement circuit, the Pt100. The four wire Pt100 configuration commonly used well known safety critical circuit. Applying FMMD lets us look at this circuit in a fresh light.
-It also demonstrates FMMD coping with component parameter tolerances.
+we analyse this for both single and double failures,
+in addition it demonstrates FMMD coping with component parameter tolerances.
 The circuit is described traditionally and then analysed using the FMMD methodology.
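Review bot: The new itemize entry, `demonstrates FMMD being applied to commonly used Pt100` / `safety critical temperature sensor circuit, this is analysed for single and double failure modes.`, is missing an article and joins two sentences with a comma; `demonstrates FMMD being applied to a commonly used Pt100` / `safety-critical temperature sensor circuit, which is analysed for single and double failure modes.` reads cleanly. The third hunk of this file has the same kind of defect: the added line `we analyse this for both single and double failures,` follows a full stop and starts in lower case, so `We analyse this for both single and double failures;` is needed for it to stand as a sentence. The itemize environment of the first hunk opens before the hunk begins.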
@@ -2261,8 +2265,9 @@ read 5V. Both readings are outside the proscribed range.
 
 \subsection{Summary of Analysis}
 All six test cases have been analysed and the results agree with the hypothesis
-put in table~\ref{ptfmea}. The PLD diagram, can now be used to collect the
-symptoms. In this case there is a common and easily detected symptom for all these single
+put in table~\ref{ptfmea}.
+%The PLD diagram, can now be used to collect the symptoms.
+In this case there is a common and easily detected symptom for all these single
 resistor faults : Voltage out of range.
 %
 % A spider can be drawn on the PLD diagram to this effect.
@@ -2284,7 +2289,7 @@ resistors in this circuit has failed.
 }
-\subsection{Derived Component : The Pt100 Circuit}
+\subsection{Derived Component with one failure mode.}
 The Pt100 circuit can now be treated as a component in its own right, and has one failure mode, {\textbf OUT\_OF\_RANGE}. This is a single, detectable failure mode. The observability of a fault condition is very good with this circuit. This should not be a surprise, as the four wire $Pt100$
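Review bot: The new heading `\subsection{Derived Component with one failure mode.}` in the second hunk ends with a full stop, which no other heading in this file section carries (`\subsection{Summary of Analysis}` in the first hunk has none), and it drops the name of the circuit the derived component stands for. `\subsection{Derived Component: The Pt100 Circuit with One Failure Mode}` keeps both the subject and the heading style consistent. The body of this subsection continues past the end of the hunk.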
@@ -2314,22 +2319,26 @@ It can now be represented as a PLD see figure \ref{fig:Pt100_singlef}.
-\section{Double failure analysis}
+%\section{Double failure analysis}
 %CITE PRICE MULTIPLE FAILURE PAPER.
 %\clearpage
 \section{ Pt100 Double Simultaneous Fault Analysis}
 \label{sec:Pt100d}
-In this section we examine the failure mode behaviour for all single
-faults and double simultaneous faults.
-This corresponds to the cardinality constrained powerset of one (see section~\ref{ccp}), of
-the failure modes in the functional group.
-All the single faults have already been proved in the last section.
-For the next set of test cases, let us again hypothesise
-the failure modes, and then examine each one in detail with
-potential divider equation proofs.
+In this section we examine the failure mode behaviour % for all single
+%faults and
+double simultaneous faults.
+Traditional FMEA methodologies do not provide double failure analysis~\cite{safeware}[p.342]
+and double failure analysis for FMEA is a subject of current research~\cite{FMEAmultiple653556,AutoFMEAfaultTree1281774}.
+%This corresponds to the cardinality constrained powerset of one (see section~\ref{ccp}), of
+%the failure modes in the functional group.
+All the single faults have been analysed in the last section.
+%For the next set of test cases, let us again hypothesise
+%the failure modes, and then examine each one in detail with
+%potential divider equation proofs.
+%
 Table \ref{tab:ptfmea2} lists all the combinations of double faults and then hypothesises how the functional~group will react under those conditions.
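Review bot: The added citation `~\cite{safeware}[p.342]` puts the page reference in a trailing bracket that LaTeX typesets as literal text after the citation rather than as part of it; the page belongs in the optional argument, `Traditional FMEA methodologies do not provide double failure analysis~\cite[p.~342]{safeware}`. The second new citation, `\cite{FMEAmultiple653556,AutoFMEAfaultTree1281774}`, uses exactly the two keys this commit adds to mybib.bib, so it should resolve once the bibliography is rebuilt.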
@@ -2367,74 +2376,6 @@ TC 18: & $R_2$ SHORT $R_3$ SHORT & low & low & Both out of Rang
 \label{tab:ptfmea2}
 \end{table}
-\subsection{Verifying complete coverage for a cardinality constrained powerset of 2}
-
-\fmodegloss
-
-
-It is important to check that we have covered all possible double fault combinations.
-We can use the equation \ref{eqn:correctedccps2}
-\ifthenelse {\boolean{paper}}
-{
-from the definitions paper
-\ref{pap:compdef}
-,
-reproduced below to verify this.
-
-\indent{
- where:
- \begin{itemize}
- \item The set $SU$ represents the components in the functional~group, where all components are guaranteed to have unitary state failure modes.
- \item The indexed set $C_j$ represents all components in set $SU$.
- \item The function $FM$ takes a component as an argument and returns its set of failure modes.
- \item $cc$ is the cardinality constraint, here 2 as we are interested in double and single faults.
- \end{itemize}
-}
-\begin{equation}
- |{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
-- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
- \label{eqn:correctedccps2}
-\end{equation}
-
-}
-{
-\begin{equation}
- |{\mathcal{P}_{cc}SU}| = {\sum^{cc}_{k=1} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
-- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
- %\label{eqn:correctedccps2}
-\end{equation}
-}
-
-
-$|FM(C_j)|$ will always be 2 here, as all the components are resistors and have two failure modes.
-
-%
-% Factorial of zero is one ! You can only arrange an empty set one way !
-
-Populating this equation with $|SU| = 6$ and $|FM(C_j)|$ = 2.
-%is always 2 for this circuit, as all the components are resistors and have two failure modes.
-
-\begin{equation}
- |{\mathcal{P}_{2}SU}| = {\sum^{k}_{1..2} \frac{6!}{k!(6 - k)!}}
-- {{\sum^{j}_{1..3} \frac{2!}{p!(2 - p)!}} }
- %\label{eqn:correctedccps2}
-\end{equation}
-
-$|{\mathcal{P}_{2}SU}|$ is the number of valid combinations of faults to check
-under the conditions of unitary state failure modes for the components (a resistor cannot fail by being shorted and open at the same time).
-
-Expanding the sumations
-
-
-$$ NoOfTestCasesToCheck = \frac{6!}{1!(6-1)!} + \frac{6!}{2!(6-2)!} - \Big( \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} \Big) $$
-
-$$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 ) = 18 $$
-
-As the test cases are all different and are of the correct cardinalities (6 single faults and (15-3) double)
-we can be confident that we have looked at all `double combinations' of the possible faults
-in the Pt100 circuit. The next task is to investigate
-these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}.
-
 %\paragraph{Proof of Double Faults Hypothesis}
diff --git a/submission_thesis/CH6_Evaluation/copy.tex b/submission_thesis/CH6_Evaluation/copy.tex
index 4143ca0..662a032 100644
--- a/submission_thesis/CH6_Evaluation/copy.tex
+++ b/submission_thesis/CH6_Evaluation/copy.tex
@@ -169,13 +169,13 @@ equation~\ref{eqn:CC} becomes
 An FMMD hierarchy consists of many {\fgs} which are subsets of $G$. We define the set of all {\fgs} as $\mathcal{FG}$. Using $FG$ to represent individual {\fgs} we %can therefore
-state $$ \forall FG \in \mathcal{FG} | FG \subset \mathcal{G}$$.
+state $$ \forall FG \in \mathcal{FG} | FG \subset \mathcal{G} .$$
 FMMD analysis creates a hierarchy $H$ of {\fgs} where $H \subset \mathcal{FG}$.
-
+%
 We can define individual {\fgs} using $FG$ with an index to identify them and a superscript
-to identify the hierarchy level. For instance a {\fg} containing base components only
----at the zeroth level of an FMMD hierarchy---would have the superscript 0, i.e. $FG^{0}$.
+to identify the hierarchy level. For instance the first {\fg} in a hierarchy, containing base components only
+i.e. at the zeroth level of an FMMD hierarchy, would have the superscript 0 and a subscript of 1, i.e. $FG^{0}_{1}$.
 %$$
 %Equation~\ref{eqn:rd} can also be expressed as
 %
@@ -709,6 +709,77 @@ would verify that a single or double simultaneous failures model has complete fa
 By knowing how many test cases should be covered, and checking the cardinality associated with the test cases, complete coverage would be verified.
+\subsection{Example: Pt100 Verifying complete coverage for a cardinality constrained power-set of 2}
+
+\fmodegloss
+
+We use the Pt100 example in~\ref{sec:Pt100} which performs double failure mode FMMD analysis.
+It is important to check that we have covered all possible double fault combinations.
+We can use the equation \ref{eqn:correctedccps2}
+\ifthenelse {\boolean{paper}}
+{
+from the definitions paper
+\ref{pap:compdef}
+,
+reproduced below to verify this.
+
+\indent{
+ where:
+ \begin{itemize}
+ \item The set $SU$ represents the components in the functional~group, where all components are guaranteed to have unitary state failure modes.
+ \item The indexed set $C_j$ represents all components in set $SU$.
+ \item The function $FM$ takes a component as an argument and returns its set of failure modes.
+ \item $cc$ is the cardinality constraint, here 2 as we are interested in double and single faults.
+ \end{itemize}
+}
+\begin{equation}
+ |{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
+- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
+ \label{eqn:correctedccps2}
+\end{equation}
+
+}
+{
+\begin{equation}
+ |{\mathcal{P}_{cc}SU}| = {\sum^{cc}_{k=1} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
+- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
+ %\label{eqn:correctedccps2}
+\end{equation}
+}
+
+
+$|FM(C_j)|$ will always be 2 here, as all the components are resistors and have two failure modes.
+
+%
+% Factorial of zero is one ! You can only arrange an empty set one way !
+
+Populating this equation with $|SU| = 6$ and $|FM(C_j)|$ = 2.
+%is always 2 for this circuit, as all the components are resistors and have two failure modes.
+
+\begin{equation}
+ |{\mathcal{P}_{2}SU}| = {\sum^{k}_{1..2} \frac{6!}{k!(6 - k)!}}
+- {{\sum^{j}_{1..3} \frac{2!}{p!(2 - p)!}} }
+ %\label{eqn:correctedccps2}
+\end{equation}
+
+$|{\mathcal{P}_{2}SU}|$ is the number of valid combinations of faults to check
+under the conditions of unitary state failure modes for the components (a resistor cannot fail by being shorted and open at the same time).
+
+Expanding the sumations
+
+
+$$ NoOfTestCasesToCheck = \frac{6!}{1!(6-1)!} + \frac{6!}{2!(6-2)!} - \Big( \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} \Big) $$
+
+$$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 ) = 18 $$
+
+As the test cases are all different and are of the correct cardinalities (6 single faults and (15-3) double)
+we can be confident that we have looked at all `double combinations' of the possible faults
+in the Pt100 circuit.
+%The next task is to investigate
+%these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}.
+
+
+
 %\paragraph{Multiple simultaneous failure modes disallowed combinations}
 %The general case of equation \ref{eqn:correctedccps2}, involves not just dis-allowing pairs
 %of failure modes within components, but also ensuring that combinations across components
@@ -771,7 +842,7 @@ We are interested only in ways in which it can fail.
 By definition, while all components in a system are `working~correctly', that system will not exhibit faulty behaviour.
 %
-We can say that the OK state corresponds to the empty set.
+%We can say that the OK state corresponds to the empty set.
 %
 Thus the statistical sample space $\Omega$ for a component or derived~component $C$ is
 %$$ \Omega = {OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3} ... failure\_mode_{N} $$
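Review bot: The populated equation moved into this chapter, `- {{\sum^{j}_{1..3} \frac{2!}{p!(2 - p)!}} }`, uses a `p` that is defined nowhere in the hunk, while the general form above it and the expansion below both use `2!` in that position; `- {{\sum^{j}_{1..3} \frac{2!}{2!(2 - 2)!}} }` matches both. The line `Expanding the sumations` carries a typo into its new location, `Expanding the summations`. Only the paper branch of the `\ifthenelse` defines `\label{eqn:correctedccps2}` while the other branch comments it out, yet `We can use the equation \ref{eqn:correctedccps2}` precedes the branch in both builds, so it is worth confirming the label is defined elsewhere in this chapter for the non-paper build (the context line `%The general case of equation \ref{eqn:correctedccps2}` suggests the equation also appears earlier). The same expressions were deleted from CH5 in this commit, so the defect is inherited rather than introduced here.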
@@ -784,6 +855,8 @@ $ \Omega(C) = fm(C) \cup \{OK\} $).
 The $OK$ statistical case is the (usually) largest in probability, and is therefore of interest when analysing systems from a statistical perspective.
+For these examples the OK state is not represented area proportionately, but included
+in the diagrams.
 This is of interest for the application of conditional probability calculations such as Bayes theorem~\cite{probstat}.
diff --git a/submission_thesis/appendixes/algorithmic.tex b/submission_thesis/appendixes/algorithmic.tex
index 875d0c1..dd0a7be 100644
--- a/submission_thesis/appendixes/algorithmic.tex
+++ b/submission_thesis/appendixes/algorithmic.tex
@@ -2,10 +2,17 @@
 \chapter{Algorithmic Description of FMMD}
 %\label{sec:symptom_abstraction}
 \label{sec:algorithmfmmd}
-This section uses algorithms and set theory to describe the process for
+
+This section decribes the algorithm for performing one step of
+FMMD analysis analysing a {\fg} and determining from it a {\dc}.
+Algorithms using set theory describe the process.
 It begins with an overview of the FMMD process, and then contrasts and compares it
-to diagnostic analysis (fault finding).
+to diagnostic analysis (fault finding).
+This discussion is followed by justification for using a bottom-up, forward search
+approach, along with modularisation.
+A theoretical example of FMMD using set theory is given.
+The algorithm for performing FMMD is then presented.
 %
 \section{FMMD as a process.}
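Review bot: The opening sentence added to algorithmic.tex, `This section decribes the algorithm for performing one step of` / `FMMD analysis analysing a {\fg} and determining from it a {\dc}.`, has a typo and stacks two verbs on the same object; `This section describes the algorithm for one step of` / `FMMD analysis: analysing a {\fg} and determining from it a {\dc}.` says the same thing cleanly. The paired lines `-to diagnostic analysis (fault finding).` and `+to diagnostic analysis (fault finding).` appear identical in the hunk, presumably a trailing-whitespace change, which adds noise to the diff without changing the text. Also, this is a chapter (`\chapter{Algorithmic Description of FMMD}` two lines above), so `This chapter describes` would agree with the heading.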